
Why the FBI wants IPv6: It's better for tracking criminals

By William Jackson

Jun 07, 2012

There are plenty of reasons to like or hate Network Address Translation. Network administrators like it because it provides a way to eke out small pools of IP addresses and allows them to hide portions of their networks from the public Internet. Engineers hate it because it breaks the end-to-end nature of the Internet by separating users from their address.

The FBI hates it because it stops them from gathering data from Internet service providers about their customers.

“If we are going to capture the bad guys, it goes back to attribution,” the ability to associate an individual’s online activity with a specific address, said supervisory special agent Robert Flaim.

But when carriers put hundreds of customers behind a single public IP address using Carrier Grade NAT, the link is broken and it becomes difficult or impossible to identify the activities of an individual.

Carriers are required to provide police with records of user activity under court order, but if the records do not exist, the police are out of luck. “We’re already seeing this,” Flaim said June 6 at a conference on government IPv6 sponsored by the Digital Government Institute. “We are serving them subpoenas and they have nothing to provide us.”

The FBI formed the Law Enforcement CGN Working Group in June 2011 to address this problem, said Flaim, who chairs the group. There are some workarounds that could help, but the ultimate answer is adoption of IPv6, which will provide enough Internet addresses to allow every user and every device to have its own address, he said.

IPv6 is the next generation of Internet Protocols, the rules that specify how networked devices communicate and interoperate on the Internet. The IPv6 address space is exponentially larger than that in the current version, IPv4, which is running out of new addresses as the growth of the Internet accelerates. Adoption of IPv6 has begun, but is moving slowly because, for the time being at least, using the new addresses requires operating and maintaining a separate network on top of existing IPv4 infrastructure.

The CGN working group wants to see the adoption of IPv6 proceed more quickly, before carriers spend millions of dollars on a Carrier Grade NAT infrastructure that would likely remain in place for decades once the investment is made.

Network Address Translation allows multiple users on a network to share a single IP address behind a device that translates the public IP address to a private network address. It has long been used by enterprises to extend their pool of addresses. But as the pool of unallocated IPv4 addresses dries up, Carrier Grade or Large Scale NAT is being seen as a tool for carriers and network providers to put off the transition to IPv6.

Nearly everyone agrees that the transition is inevitable because the addition of new customers will increasingly come with IPv6 addresses. In an effort to jump-start the transition, the Internet Society sponsored IPv6 Launch Day June 6 to encourage networks, service providers and content providers to make the transition.

The law enforcement working group has held five meetings in its first year, and has scheduled another for July. “We’re gaining a lot of momentum,” Flaim said, with state and local law enforcement agencies from the United States as well as foreign agencies working, along with carriers and equipment providers, to explore ways around the CGN roadblock until IPv6 replaces the need for translation.

“They are going to have to start logging a lot more,” Flaim said. The working group is developing applications to identify and log user information for lawful intercept purposes. But this is no simple solution. Logging intercept data can generate petabytes of data that have to be stored and managed, requiring significant investments by carriers, and not all servers and applications support logging by default. And unlike Europe, the United States has no data retention laws specifying how data is to be gathered and handled. On top of these difficulties, the collection and retention of such information also raises serious privacy issues.

“It’s a very touchy issue,” Flaim said.

Even wholesale adoption of IPv6 will not completely solve the problem because users still would be able to use anonymous proxy servers to hide or obscure activities.

“A criminal can always find a way around anything,” Flaim said. “What we are trying to do is eliminate most of the problems, but there are always ways around it.”
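To make the Carrier Grade NAT attribution problem described above concrete, the following is an added example, not part of the original article. It assumes a hypothetical CGN translation log in which each record holds a time window, the shared public address and port, and a carrier-internal subscriber ID; all addresses, ports and IDs are constructed sample values.

```python
from datetime import datetime
from typing import NamedTuple, Optional


class Mapping(NamedTuple):
    """One CGN translation record (hypothetical layout for illustration)."""
    start: datetime      # when the CGN created the translation
    end: datetime        # when the translation was torn down
    public_ip: str       # shared public address seen by the remote server
    public_port: int     # public source port assigned to this subscriber
    subscriber: str      # carrier-internal identifier


def ts(hms: str) -> datetime:
    """Build a timestamp on the constructed sample day."""
    return datetime.fromisoformat(f"2012-06-06T{hms}")


# Constructed sample log: three subscribers share one public address
# (203.0.113.7 is from a range reserved for documentation).
LOG = [
    Mapping(ts("10:00:00"), ts("10:05:00"), "203.0.113.7", 40001, "sub-A"),
    Mapping(ts("10:01:00"), ts("10:04:00"), "203.0.113.7", 40002, "sub-B"),
    Mapping(ts("10:02:00"), ts("10:03:00"), "203.0.113.7", 40003, "sub-C"),
    # The same public port is handed to a different subscriber later on.
    Mapping(ts("10:06:00"), ts("10:09:00"), "203.0.113.7", 40001, "sub-C"),
]


def attribute(log, public_ip: str, when: datetime,
              port: Optional[int] = None) -> set:
    """Return every subscriber who could have sent traffic that a remote
    server saw coming from public_ip (and port, if known) at time `when`."""
    return {
        m.subscriber
        for m in log
        if m.public_ip == public_ip
        and m.start <= when <= m.end
        and (port is None or m.public_port == port)
    }


if __name__ == "__main__":
    ip = "203.0.113.7"
    print("address + time only:", sorted(attribute(LOG, ip, ts("10:02:30"))))
    print("with source port   :", sorted(attribute(LOG, ip, ts("10:02:30"), 40001)))
    print("same port, later   :", sorted(attribute(LOG, ip, ts("10:07:00"), 40001)))
    print("no translation log :", sorted(attribute([], ip, ts("10:02:30"), 40001)))
```

An address and timestamp alone match every subscriber sharing the address at that moment; only a logged source port plus an accurate timestamp narrows the result to one, and with no translation log there is nothing to return.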

About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.


Reader Comments

Fri, Jun 8, 2012
SoutheastUS

I think it is well past time for the US Congress (both houses) to go to technology school and start writing legislation for law enforcement to protect citizens' privacy and against "unlawful search and seizure". Government agencies should be required to get court orders for having ISPs log data. It would reduce the logging costs for the ISPs and protect privacy for law abiding citizens that are not the object of ongoing investigations.

Fri, Jun 8, 2012

IPv6 allows for privacy addresses to be generated. Your address will change regularly, and authorities can't prove how many people there are on a network, or which activities were related. At least Mac OS X enables this by default.
This article is badly researched.

Fri, Jun 8, 2012
TJ
United States

The "attribution" aspect is pretty much the same with IPv6 (with privacy addressing) as we had in IPv4 (locally NATed, not Carrier-NATed).
For home users: Either way, the FBI kicks in the door and takes all of the machines within that residence ... Carrier NATing would require a bit more information (ports) from the FBI that the ISP would need to be logging, BUT with the same end result.

Fri, Jun 8, 2012

Law enforcement needs and should use whatever tools necessary to monitor criminals. Compared to other countries, our law enforcement is more restricted in how they can monitor our communications. Our 'innocent until proven guilty' mantra in the U.S. will ensure that we never become a police state.

Fri, Jun 8, 2012

Of course Law Enforcement wants to gather as much information as possible. Can anyone question that gathering this information would be a hugely valuable tool for monitoring criminals? Can anyone, also, question the danger of anyone having access to our communications on the internet? Europe is a beautiful place, and many countries I would say are veritable police states.
